103 - Security

The name's Bond, James Bond.

Read the Docs

If you want to get a better idea about the object that we will be working with in this module, you can review the docs here:

For a more general discussion, take a look here.

Objectives

In this module we'll explain how to create firewall rules in Tuono and how these are instantiated within the public cloud. We'll describe the objects that are created at deployment time and how these are associated with the network objects created in the previous step.

Security Terminology

Network Access Control List (NACL)

A NACL is a logical firewall object that contains the required rules for the 'firewall'. The NACL is attached directly to the VPC object, and is a function of the VPC, not the VM.

Security Groups

AWS security groups act as a firewall at the instance level allowing you to control inbound and outbound traffic.

Key Security Concepts

When Tuono deploys network infrastructure, we adhere to a secure-by-default policy: traffic is denied automatically, giving you selective control over what should be allowed at the network and firewall layers.

The cloud providers typically follow the opposite approach allowing access to all traffic on all inbound and outbound ports!

Protocol Schema

The protocol schema allows you to set specific ports and traffic types such as allowing SSH and HTTP to pass through the network.

  protocol:
    web-server:
      ports:
        - port: 22
          proto: tcp
        - port: 80
          proto: tcp
    ping:
      ports:
        - proto: icmp

Firewall Schema

The Firewall schema references named protocols to define a firewall's inbound and outbound rules, and the resulting firewall object can be used throughout the blueprint.

  firewall:
    fw-external-access:
      rules:
        - protocols: web-server
          to: self
        - protocols: ping
          to: self
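To show how the two schemas fit together, the following added example (not Tuono's own code) resolves the protocol and firewall sections above into a flat list of effective allow rules and then answers "is this traffic allowed?" under the secure-by-default policy, where anything not matched is denied. The blueprint is embedded as a constructed Python dict mirroring the YAML in the text; the reading of `to: self` as traffic addressed to the resource the firewall is attached to, the acceptance of a list under `protocols`, and the unresolved-reference and missing-port checks are assumptions made for this illustration, not documented Tuono behaviour.

```python
"""Resolve protocol and firewall sections into effective allow rules.

Added example, not Tuono's own code. BLUEPRINT is a constructed dict that
mirrors the YAML in the text; the semantics of `to: self` and the validation
checks below are assumptions for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed blueprint mirroring the protocol and firewall YAML above.
BLUEPRINT = {
    "protocol": {
        "web-server": {
            "ports": [
                {"port": 22, "proto": "tcp"},
                {"port": 80, "proto": "tcp"},
            ]
        },
        "ping": {"ports": [{"proto": "icmp"}]},
    },
    "firewall": {
        "fw-external-access": {
            "rules": [
                {"protocols": "web-server", "to": "self"},
                {"protocols": "ping", "to": "self"},
            ]
        }
    },
}


class BlueprintError(ValueError):
    """Raised when a firewall rule cannot be resolved against the protocols."""


@dataclass(frozen=True)
class AllowRule:
    firewall: str        # firewall object the rule belongs to
    protocol: str        # protocol name the rule referenced
    proto: str           # tcp / udp / icmp
    port: Optional[int]  # None for protocols without a port (e.g. icmp)
    target: str          # assumed: "self" = the resource the firewall is attached to


def _protocol_names(value) -> List[str]:
    # The page shows a single name under `protocols:`; a list is also accepted here (assumption).
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return list(value)
    raise BlueprintError(f"protocols must be a name or a list of names, got {value!r}")


def resolve_rules(blueprint: dict) -> List[AllowRule]:
    """Expand every firewall rule into one AllowRule per (proto, port) it references."""
    protocols = blueprint.get("protocol", {})
    firewalls = blueprint.get("firewall", {})
    allowed: List[AllowRule] = []
    for fw_name, fw in firewalls.items():
        for rule in fw.get("rules", []):
            for proto_name in _protocol_names(rule.get("protocols")):
                if proto_name not in protocols:
                    # A dangling reference would silently allow nothing; fail loudly instead.
                    raise BlueprintError(
                        f"firewall {fw_name!r} references unknown protocol {proto_name!r}"
                    )
                for entry in protocols[proto_name].get("ports", []):
                    proto = entry.get("proto")
                    port = entry.get("port")
                    if proto is None:
                        raise BlueprintError(f"protocol {proto_name!r} has an entry without proto")
                    if proto in ("tcp", "udp") and not isinstance(port, int):
                        raise BlueprintError(f"protocol {proto_name!r}: {proto} entry needs a port")
                    allowed.append(
                        AllowRule(fw_name, proto_name, proto, port, rule.get("to", "self"))
                    )
    return allowed


def is_allowed(rules: List[AllowRule], proto: str, port: Optional[int] = None,
               target: str = "self") -> bool:
    """Secure by default: traffic is allowed only if some resolved rule matches it."""
    for r in rules:
        if r.proto != proto or r.target != target:
            continue
        if r.port is None or r.port == port:
            return True
    return False


if __name__ == "__main__":
    effective = resolve_rules(BLUEPRINT)
    for r in effective:
        print(f"{r.firewall}: allow {r.proto}" + (f"/{r.port}" if r.port else "") + f" to {r.target}")
    for probe in (("tcp", 22), ("tcp", 443), ("udp", 53), ("icmp", None)):
        print(probe, "allowed" if is_allowed(effective, *probe) else "denied")
```

Running the script lists the three effective allow rules (tcp/22, tcp/80 and icmp to self) and shows that tcp/443 and udp/53 are denied because no rule names them, which is exactly the deny-by-default behaviour the Key Security Concepts section describes.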
